- 227 -
WHAT IS CLAIMED IS:
1. A person authentication application data processing
system for performing a person authentication process based
on a verification process between a template extracted from
a person identification certificate in which the template
which is person identification data of an individual user
who uses an information processing apparatus and user input
sampling information, said person authentication application
data processing system comprising:
an information processing apparatus as a person
authentication execution entity; and
a person identification certificate authority as a
person identification certificate issuing entity,
wherein said information processing apparatus performs
a process of retrieving a person identification certificate
used for a person authentication process based on user input
information, and outputs a request for issuing a person
identification certificate to the person identification
certificate authority when a person identification
certificate corresponding to the user input information
cannot be extracted,
said person identification certificate authority
creates a person identification certificate in which an
encrypted template which can be decrypted in said
- 228 -
information processing apparatus and. performs an issuing
process for the information processing apparatus, and
said information processing apparatus performs a
process for storing the person identification certificate
issued from said person identification certificate authority
in the storage means of the information processing apparatus .
2 . A person authentication application data processing
system according to Claim 1, wherein, in the process for
storing the newly obtained person identification certificate
in the storage means, when said newly obtained person
identification certificate is a person identification
certificate corresponding to the same user for an existing
public key certificate which has already been stored in said
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate and stores
the pair information in the storage means .
3. A person authentication application data processing
system according to Claim 1 , further comprising a
certificate authority as a public key certificate issuing
entity,
wherein, said information processing apparatus performs
a process for retrieving a public key certificate used
- 229 -
during data communication with an external apparatus with
stored data of the storage means of the information
processing apparatus being used as the retrieval target on
the basis of the user input information, creates a pair of a
public key and a secret key when the applicable public key
certificate cannot be extracted, transmits the created
public key to the certificate authority which is the issuing
entity of the public key certificate and makes a request for
issuing a person identification certificate,
said certificate authority performs a process for
issuing a public key certificate corresponding to an
individual user or a public key certificate corresponding to
said information processing apparatus, and
said information processing apparatus performs a
process for storing the public key certificate issued from
said certificate authority in the storage means of the
information processing apparatus.
4. A person authentication application data processing
system according to Claim 3, wherein, in the process for
storing the newly obtained person identification certificate
in the storage means, when said newly obtained person
identification certificate is a person identification
certificate corresponding to the same user for an existing
public key certificate which has already been stored in said
- 230 -
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate and stores
the pair information in the storage means .
5. A person authentication application data processing
system according to Claim 3, wherein, in the process for
storing the newly obtained person identification certificate
in the storage means, when said newly obtained person
identification certificate is a person identification
certificate corresponding to the same user for an existing
public key certificate which has already been stored in said
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate, stores the
pair information in the storage means, and registers
together a process identifier which identifies a process
such as services to be used.
6 . A person authentication application data processing
system according to Claim 1, further comprising a service
distribution construction in which various services such as
content distribution can be received from a service provider
under the control of a service registration server on the
condition of user registration for the service registration
- 231 -
server ,
wherein said information processing apparatus performs
a person authentication process based on a verification
process between the template extracted from the person
identification certificate in which the template which is
person identification data of an individual user who uses
the information processing apparatus is stored and user
input sampling information and performs user registration
for said service registration server on the condition that
person authentication is established.
7. A person authentication application data processing
system according to Claim 1, further comprising a service
distribution construction in which various services such as
content distribution can be received from a service provider
under the control of the service registration server on the
condition of user registration for the service registration
server,
wherein said information processing apparatus performs
mutual authentication with said service provider by using a
public key certificate corresponding to an individual user
or a public key certificate corresponding to said
information processing apparatus in a process for receiving
service distribution from said service provider, and
said service provider provides services for said
- 232 -
information processing apparatus on the condition that it is
confirmed that the public key certificate used for said
mutual authentication corresponds to an authorized user or
device registered in said service registration server and
said mutual authentication is established.
8. A person authentication application data processing
system according to Claim 1, wherein data communication
between said information processing apparatus as a person
authentication execution entity and the person
identification certificate authority as a person
identification certificate issuing entity is performed on
the condition that the mutual authentication process is
established.
9. A person authentication application data processing
system according to Claim 1, wherein, for data communication
between said information processing apparatus as a person
authentication execution entity and the person
identification certificate authority as a person
identification certificate issuing entity, a data
transmission part performs a process for creating an
electronic signature for transmission data, and a receiving
part performs a process for verifying the electronic
signature .
- 233 -
10. A person authentication application data
processing system according to Claim 1, wherein an
encryption key used to encrypt the template stored in the
person identification certificate issued from said person
identification certificate authority is a public key which
is set for said information processing apparatus or an
individual user.
11. A person authentication application data
processing system according to Claim 1 , wherein said
template is biometric information of a person such as
fingerprint information, retina pattern information, iris
pattern information, voice print information, and
handwriting information, or a non-biometric information such
as a seal, a passport, a driver's license, and a card, or
any combination of two or more of the biometric information
and the non-biometric information, or a combination of any
of the information and a password.
12. A person authentication application data
processing method for performing a person authentication
process based on a verification process between a template
extracted from a person identification certificate in which
a template which is person identification data of an
- 234 -
individual user who uses an information processing apparatus
and user input sampling information, said person
authentication application data processing method
comprising:
a step for providing an information processing
apparatus as a person authentication execution entity and a
person identification certificate authority as a person
identification certificate issuing entity;
a step in which said information processing apparatus
performs a process of retrieving a person identification
certificate used for a person authentication process based
on user input information, and outputs a request for issuing
a person identification certificate to the person
identification certificate authority which is a person
identification certificate issuing entity when a person
identification certificate corresponding to the user input
information cannot be extracted;
a step in which said person identification certificate
authority creates a person identification certificate in
which an encoded template which can be decrypted in said
information processing apparatus is stored and performs an
issuing process for the information processing apparatus;
and
a step in which said information processing apparatus
performs a process for storing the person identification
- 235 -
certificate issued from said person identification
certificate authority in the storage means of the
information processing apparatus .
13 . A person authentication application data
processing method according to Claim 12, wherein, in the
process for storing the newly obtained personal
identification certificate in the storage means, when said
newly obtained person identification certificate is a person
identification certificate corresponding to the same user
for an existing public key certificate which has already
been stored in said information processing apparatus, said
information processing apparatus performs a process for
creating pair information of identifiers of each certificate
and storing the pair information in the storage means.
14. A person authentication application data
processing method according to Claim 12, further comprising:
a step for providing a certificate authority as a
public key certificate issuing entity;
a step in which said information processing apparatus
performs a process for retrieving a public key certificate
used during data communication with an external apparatus
with stored data of the storage means of the information
processing apparatus being used as the retrieval target on
- 236 -
the basis of the user input information, creates a pair of a
public key and a secret key when the corresponding public
key certificate cannot be extracted, transmits the created
public key to the certificate authority which is the issuing
entity of the public key certificate;
a step in which said certificate authority performs a
process for issuing a public key certificate corresponding
to an individual user or a public key certificate
corresponding to said information processing apparatus; and
a step in which said information processing apparatus
performs a process for storing the public key certificate
issued from said certificate authority in the storage means
of the information processing apparatus.
15. A person authentication application data
processing method according to Claim 14, wherein, in the
process for storing the newly obtained personal
identification certificate in the storage mean, when said
newly obtained personal identification certificate is a
personal identification certificate corresponding to the
same user for an existing public key certificate which has
already been stored in said information processing apparatus,
said information processing apparatus performs a process for
creating pair information of identifiers of each certificate
and for storing the pair information in the storage means.
- 237 -
16. A person authentication application data
processing method according to Claim 14, wherein, in the
process for storing the newly obtained personal
identification certificate in the storage means, when said
newly obtained person identification certificate is a person
identification certificate corresponding to the same user
for an existing public key certificate which has already
been stored in said information processing apparatus , said
information processing apparatus performs a process for
creating pair information of identifiers of each certificate,
storing the pair information in the storage means, and
registering together a process identifier which identifies a
process such as services to be used.
17. A person authentication application data
processing method according to Claim 12, further comprising:
a step for providing a service distribution
construction in which various services such as content
distribution can be received from a service provider under
the control of a service registration server on the
condition of user registration for the service registration
server; and
a step in which said information processing apparatus
performs a person authentication process based on a
- 238 -
verification process between a template extracted from the
person identification certificate in which the template
which is person identification data of an individual user
who uses the information processing apparatus is stored and
the user input sampling information, and performs user
registration for said service registration server on the
condition that person authentication is established.
18. A person authentication application data
processing method according to Claim 12, further comprising:
a step for providing a service distribution
construction in which various services such as content
distribution can be received from a service provider under
the control of a service registration server on the
condition of user registration for the service registration
server;
a step in which, in a process for receiving service
distribution from said service provider, said information
processing apparatus performs mutual authentication with
said service provider by using a public key certificate
corresponding to an individual user who uses the information
processing apparatus or a public key certificate
corresponding to said information processing apparatus; and
a step in which said service provider provides services
for said information processing apparatus on the condition
- 239 -
that it is confirmed that the public key certificate used
for said mutual authentication corresponds to an authorized
user or device registered in said service registration
server and said mutual authentication is established.
19 . A person authentication application data
processing method according to Claim 12, wherein data
communication between said information processing apparatus
as a person authentication execution entity and the person
identification certificate authority as a person
identification certificate issuing entity is performed on
the condition that the mutual authentication process is
established.
20. A person authentication application data
processing method according to Claim 12, wherein, for data
communication between said information processing apparatus
as a person authentication execution entity and the person
identification certificate authority as a person
identification certificate issuing entity, a data
transmission part performs a process for creating an
electronic signature for transmission data, and a receiving
part performs a process for verifying the electronic
signature .
- 240 -
21. A person authentication application data
processing method according to Claim 12, wherein an
encryption key used to encrypt the template stored in the
person identification certificate issued from said person
identification certificate authority is a public key which
is set for said information processing apparatus or an
individual user.
22. An information processing apparatus for performing
a person authentication process based on a verification
process between a template extracted from a person
identification certificate in which the template which is
person identification data of an individual user who uses
the information processing apparatus is stored and user
input sampling information,
wherein said information processing apparatus performs
a process for retrieving a person identification certificate
used for a person authentication process based on user input
information with stored data of the information processing
apparatus being used as the retrieval target, outputs a
request for issuing a person identification certificate to a
person identification certificate authority which is a
person identification certificate issuing entity when a
person identification certificate corresponding to the user
input information cannot be extracted, and stores the person
- 241 -
identification certificate issued from the person
identification certificate authority in the storage means of
the information processing apparatus .
23. An information processing apparatus according to
Claim 22, wherein, in the process for storing the newly
obtained personal identification certificate in the storage
means , when said newly obtained person identification
certificate is a person identification certificate
corresponding to the same user for an existing public key
certificate which has already been stored in said
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate and for
storing the pair information in the storage means .
24 . An information processing apparatus according to
Claim 22, wherein said information processing apparatus
performs a process for retrieving a public key certificate
used for data communication with an external apparatus with
stored data of the storage means of the information
processing apparatus being used as the retrieval target on
the basis of user input information, creates a pair of a
public key and a secret key when a corresponding public key
certificate cannot be extracted, transmits the created
- 242 -
public key to the certificate authority which is a public
key certificate issuing entity, makes a request for issuing
a public key certificate, and performs a process for storing
the public key certificate issued from said certificate
authority in the storage means of the information processing
apparatus .
25. An information processing apparatus according to
Claim 24, wherein, in the process for storing the newly
obtained personal identification certificate in the storage
means, when said newly obtained person identification
certificate is a person identification certificate
corresponding to the same user for an existing public key
certificate which has already been stored in said
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate and stores
the pair information in the storage means.
26. An information processing apparatus according to
Claim 24, wherein, in the process for storing the newly
obtained personal identification certificate in the storage
means, when said newly obtained person identification
certificate is a person identification certificate
corresponding to the same user for an existing public key
- 243 -
certificate which has already been stored in said
information processing apparatus, said information
processing apparatus performs a process for creating pair
information of identifiers of each certificate, stores the
pair information in the storage means, and registers
together a process identifier which identifies a process
such as services to be used.
27. A program providing medium for providing a
computer program for causing a person application
authentication data process for performing a person
authentication process to be performed in a computer system
based on a verification process between a template extracted
from a person identification certificate in which the
template which is person identification data of an
individual user who uses an information processing apparatus
and user input sampling information, said computer program
comprising:
a step for retrieving a person identification
certificate used for a person authentication process based
on the user input information;
a step for outputting a request for issuing a person
identification certificate to a person identification
certificate authority which is a person identification
certificate issuing entity when a person identification
- 244 -
certificate corresponding to the user input information
cannot be extracted;
a step for creating pair information of identifiers of
each certificate when said person identification certificate
issued from said person identification certificate authority
is a person identification certificate corresponding to the
same user for an existing public key certificate which has
already been stored in said Information processing
apparatus ; and
a step for storing the pair information in the storage
means .